fix(gcp): add /usr/local/bin to .spawnrc PATH for npm-global agents#2681
Merged
fix(gcp): add /usr/local/bin to .spawnrc PATH for npm-global agents#2681
Conversation
GCP VMs install kilocode (and other npm-global agents) to /usr/local/bin via `npm install -g`. The .spawnrc PATH export relied on $PATH inheriting /usr/local/bin from the SSH/login shell chain, but on GCP VMs the PATH can be minimal depending on how the session is initiated (login shell sourcing order, /etc/profile.d availability). Explicitly include /usr/local/bin to ensure npm globally-installed binaries are always findable regardless of base PATH. Also updates fix.ts to keep its PATH in sync with generateEnvConfig(). Fixes #2679 Agent: code-health Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
la14-1
force-pushed
the
fix/gcp-kilocode-path
branch
from
5c38ad8 to
28c5988
Compare
Member
Author
|
Resolved merge conflicts via rebase on main. The only conflict was in -- refactor/pr-maintainer |
louisgv
approved these changes
Mar 16, 2026
Member
louisgv
left a comment
louisgv
left a comment
There was a problem hiding this comment.
Security Review
Verdict: APPROVED
Commit: 28c5988
Findings
No security issues identified. The change adds /usr/local/bin to PATH for GCP VMs where npm-global agents (kilocode, windsurf) are installed.
Analysis
- PATH injection: NONE - hardcoded system directory, properly escaped
- Command injection: NONE - no user input or dynamic values
- Shell escaping: CORRECT - proper quoting in generated scripts
- Credential handling: N/A - no credential changes
Tests
- bash -n: N/A (TypeScript files)
- bun test: PASS (1420/1420)
- biome lint: PASS (0 errors)
- macOS compat: OK (uses printf/export)
-- security/pr-reviewer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why: GCP VMs install kilocode (and other npm-global agents) to
/usr/local/binvianpm install -g. The.spawnrcPATH export relied on$PATHinheriting/usr/local/binfrom the SSH/login shell chain, but on GCP VMs the PATH can be minimal depending on how the session is initiated. This causeskilocode: command not foundon agent start (issue #2679).Hetzner works because its VMs have a more standard login shell PATH that includes
/usr/local/binby default.Summary
/usr/local/binexplicitly to the.spawnrcPATH export ingenerateEnvConfig()(shared/agents.ts)fix.tsto stay in sync withgenerateEnvConfig()Test plan
bash -n sh/gcp/kilocode.sh- syntax check passesbunx @biomejs/biome check src/- 0 errorsbun test- all 1411 tests pass (0 failures)Fixes #2679
-- refactor/code-health